Project

General

Profile

« Previous | Next » 

Revision dc104520

Added by Viktor Gurov over 5 years ago

DNS64 support. Issue #10274

View differences:

src/etc/inc/unbound.inc
175 175 
		$module_config .= 'python ';
176 176 
	}
177 177 

  		




  
  178
  
    
	// Setup DNS64 support


  		




  
  179
  
    
	if (isset($unboundcfg['dns64'])) {


  		




  
  180
  
    
		$module_config .= 'dns64 ';


  		




  
  181
  
    
		$dns64_conf = 'dns64-prefix: ';


  		




  
  182
  
    
		if (is_subnetv6($unboundcfg['dns64prefix'] . '/' . $unboundcfg['dns64netbits'])) {


  		




  
  183
  
    
			$dns64_conf .= $unboundcfg['dns64prefix'] . '/' . $unboundcfg['dns64netbits'];


  		




  
  184
  
    
		} else {


  		




  
  185
  
    
			$dns64_conf .= '64:ff9b::/96';


  		




  
  186
  
    
		}


  		




  
  187
  
    
	}


  		




  
  188
  
    

  		




  178
  189
  
    
	// Setup DNSSEC support


  		




  179
  190
  
    
	if (isset($unboundcfg['dnssec'])) {


  		




  180
  191
  
    
		$module_config .= 'validator ';


  		




  ......




  487
  498
  
    
# DNS Rebinding


  		




  488
  499
  
    
{$private_addr}


  		




  489
  500
  
    
{$private_domains}


  		




  
  501
  
    
{$dns64_conf}


  		




  490
  502
  
    

  		




  491
  503
  
    
# Access lists


  		




  492
  504
  
    
include: {$g['unbound_chroot_path']}{$cfgsubdir}/access_lists.conf


  		












  

    
      src/usr/local/www/classes/Form/IpAddress.class.php
    
  





  70
  70
  
    
	}


  		




  71
  71
  
    

  		




  72
  72
  
    
	// $min is provided to allow for VPN masks in which '0' is valid


  		




  73
  
  
    
	public function addMask($name, $value, $max = 128, $min = 1)


  		




  
  73
  
    
	public function addMask($name, $value, $max = 128, $min = 1, $auto = true)


  		




  74
  74
  
    
	{


  		




  75
  75
  
    
		$this->_mask = new Form_Select(


  		




  76
  76
  
    
			$name,


  		




  ......




  81
  81
  
    

  		




  82
  82
  
    
		$this->_mask->addClass("pfIpMask");


  		




  83
  83
  
    

  		




  
  84
  
    
		if ($auto)


  		




  
  85
  
    
			$this->_auto = true;


  		




  
  86
  
    

  		




  84
  87
  
    
		return $this;


  		




  85
  88
  
    
	}


  		




  86
  89
  
    

  		




  ......




  99
  102
  
    
		if (!isset($this->_mask))


  		




  100
  103
  
    
			return $input;


  		




  101
  104
  
    

  		




  
  105
  
    
		if (isset($this->_auto))


  		




  
  106
  
    
			$pfipmask = " pfIpMask";


  		




  
  107
  
    

  		




  102
  108
  
    
		return <<<EOT


  		




  103
  109
  
    
		<div class="input-group">


  		




  104
  110
  
    
			$input


  		




  105
  
  
    
			<span class="input-group-addon input-group-inbetween pfIpMask">/</span>


  		




  
  111
  
    
			<span class="input-group-addon input-group-inbetween$pfipmask">/</span>


  		




  106
  112
  
    
			{$this->_mask}


  		




  107
  113
  
    
		</div>


  		




  108
  114
  
    
EOT;


  		












  

    
      src/usr/local/www/services_unbound_advanced.php
    
  





  80
  80
  
    
$pconfig['infra_cache_numhosts'] = isset($config['unbound']['infra_cache_numhosts']) ? $config['unbound']['infra_cache_numhosts'] : '10000';


  		




  81
  81
  
    
$pconfig['unwanted_reply_threshold'] = isset($config['unbound']['unwanted_reply_threshold']) ? $config['unbound']['unwanted_reply_threshold'] : 'disabled';


  		




  82
  82
  
    
$pconfig['log_verbosity'] = isset($config['unbound']['log_verbosity']) ? $config['unbound']['log_verbosity'] : "1";


  		




  
  83
  
    
$pconfig['dns64prefix'] = isset($config['unbound']['dns64prefix']) ? $config['unbound']['dns64prefix'] : '';


  		




  
  84
  
    
$pconfig['dns64netbits'] = isset($config['unbound']['dns64netbits']) ? $config['unbound']['dns64netbits'] : '96';


  		




  83
  85
  
    

  		




  84
  86
  
    
if (isset($config['unbound']['disable_auto_added_access_control'])) {


  		




  85
  87
  
    
	$pconfig['disable_auto_added_access_control'] = true;


  		




  ......




  93
  95
  
    
	$pconfig['use_caps'] = true;


  		




  94
  96
  
    
}


  		




  95
  97
  
    

  		




  
  98
  
    
if (isset($config['unbound']['dns64'])) {


  		




  
  99
  
    
	$pconfig['dns64'] = true;


  		




  
  100
  
    
}


  		




  
  101
  
    

  		




  96
  102
  
    
if ($_POST) {


  		




  97
  103
  
    
	if ($_POST['apply']) {


  		




  98
  104
  
    
		$retval = 0;


  		




  ......




  143
  149
  
    
		if (isset($_POST['dnssecstripped']) && !isset($config['unbound']['dnssec'])) {


  		




  144
  150
  
    
			$input_errors[] = gettext("Harden DNSSEC Data option can only be enabled if DNSSEC support is enabled.");


  		




  145
  151
  
    
		}


  		




  
  152
  
    
		if (isset($_POST['dns64']) && !empty($_POST['dns64prefix']) && !is_ipaddrv6($_POST['dns64prefix'])) {


  		




  
  153
  
    
			$input_errors[] = gettext("DNS64 Prefix must be valid IPv6 prefix.");


  		




  
  154
  
    
		}


  		




  
  155
  
    
		if (isset($_POST['dns64']) && isset($_POST['dns64netbits']) && 


  		




  
  156
  
    
		    (($_POST['dns64netbits'] > 96) || ($_POST['dns64netbits'] < 1))) {


  		




  
  157
  
    
			$input_errors[] = gettext("DNS64 subnet must be not more than 96 and not less that 1.");


  		




  
  158
  
    
		}


  		




  146
  159
  
    

  		




  147
  160
  
    
		if (!$input_errors) {


  		




  148
  161
  
    
			if (isset($_POST['hideidentity'])) {


  		




  ......




  216
  229
  
    
				unset($config['unbound']['use_caps']);


  		




  217
  230
  
    
			}


  		




  218
  231
  
    

  		




  
  232
  
    
			if (isset($_POST['dns64'])) {


  		




  
  233
  
    
				$config['unbound']['dns64'] = true;


  		




  
  234
  
    
				$config['unbound']['dns64prefix'] = $_POST['dns64prefix'];


  		




  
  235
  
    
				$config['unbound']['dns64netbits'] = $_POST['dns64netbits'];


  		




  
  236
  
    
			} else {


  		




  
  237
  
    
				unset($config['unbound']['dns64']);


  		




  
  238
  
    
			}


  		




  
  239
  
    

  		




  219
  240
  
    
			write_config(gettext("DNS Resolver configured."));


  		




  220
  241
  
    

  		




  221
  242
  
    
			mark_subsystem_dirty('unbound');


  		




  ......




  438
  459
  
    
	$pconfig['use_caps']


  		




  439
  460
  
    
))->setHelp('See the implementation %1$sdraft dns-0x20%2$s for more information.', '<a href="https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00">', '</a>');


  		




  440
  461
  
    

  		




  
  462
  
    
$section->addInput(new Form_Checkbox(


  		




  
  463
  
    
	'dns64',


  		




  
  464
  
    
	'DNS64 Support',


  		




  
  465
  
    
	'Enable DNS64 (RFC 6147)',


  		




  
  466
  
    
	$pconfig['dns64']


  		




  
  467
  
    
))->setHelp('DNS64 is used with an IPv6/IPv4 translator to enable client-server communication between an IPv6-only client and an IPv4-only servers.');


  		




  
  468
  
    

  		




  
  469
  
    
$group = new Form_Group('DNS64 Prefix');


  		




  
  470
  
    
$group->addClass('dns64pr');


  		




  
  471
  
    

  		




  
  472
  
    
$group->add(new Form_IpAddress(


  		




  
  473
  
    
	'dns64prefix',


  		




  
  474
  
    
	'DNS64 Prefix',


  		




  
  475
  
    
	$pconfig['dns64prefix']


  		




  
  476
  
    
))->addMask('dns64netbits', $pconfig['dns64netbits'], 96, 1, false)->setWidth(4);


  		




  
  477
  
    
$group->setHelp('IPv6 prefix used by IPv6 representations of IPv4 addresses. If this field is empty, default 64:ff9b::/96 prefix is used.');


  		




  
  478
  
    

  		




  
  479
  
    
$section->add($group);


  		




  
  480
  
    

  		




  441
  481
  
    
$form->add($section);


  		




  442
  482
  
    
print($form);


  		




  443
  483
  
    

  		




  
  484
  
    
?>


  		




  
  485
  
    

  		




  
  486
  
    
<script type="text/javascript">


  		




  
  487
  
    
//<![CDATA[


  		




  
  488
  
    
events.push(function() {


  		




  
  489
  
    
	function change_dns64() {


  		




  
  490
  
    
		hideClass('dns64pr', !($('#dns64').prop('checked')));


  		




  
  491
  
    
	}


  		




  
  492
  
    

  		




  
  493
  
    
	 // DNS64


  		




  
  494
  
    
	$('#dns64').change(function () {


  		




  
  495
  
    
		change_dns64();


  		




  
  496
  
    
	});


  		




  
  497
  
    

  		




  
  498
  
    
	// ---------- On initial page load ------------------------------------------------------------


  		




  
  499
  
    

  		




  
  500
  
    
	change_dns64();


  		




  
  501
  
    
});


  		




  
  502
  
    
//]]>


  		




  
  503
  
    
</script>


  		




  
  504
  
    
<?php


  		




  444
  505
  
    
include("foot.inc");


  		












Also available in:  Unified diff